swo0sh_gt_13163
Mar 16, 2016

ASM Chart scheduler simplification.

Hello Folks,

Need some help on ASM Chart scheduler. The requirement is to get every IP logged by ASM violations in the email chart. The idea is to get the exact information we see under Security > Event Logs > Application, such as IP address / name of violation / country the IP belongs to, etc.

The issue is that the report that he receives is different from the output he sees when he goes to Security >> Event Logs: Application: Requests.

The reports the customer receives have aggregated values and counters.

We tried to use a Multi-leveled report instead of a Predefined filter; the issue is that the more options you select in Chart Path, the more aggregated values the report will have (when multilevel is selected in Chart scheduler).

Any idea how we can have all IP / URL / Country etc. information within the emailed chart? Or if we can have at least the following information, that would work as well.

Any help on this?

Thank you, Darshan


  • I don't think this is doable. The chart is high-level reporting and it won't come with lists of violations. Per F5 there could be performance degradation if you start using all kinds of notification mails. In fact we wanted to get the same kind of reports but F5 advised not to go for it. I think there could be a way by iRule, and again it is better to talk to F5.

    cheers


    • Muhammed_Saeed1
      Hi Vijith, I am accepting the degraded performance, how to configure it? The issue is that the Chart should give some useful info, the chart I have is useless, not like the information in the Event Logs. So, can you give us the steps to configure it?
  • I am not sure how this can be done; even I am interested. I think you need to contact F5 support.


  • As I understand it, the chart only shows aggregate figures because that is how it is designed.

    If you want detailed figures then you need to send logging to your own log servers and perform detailed reporting there. This can be done by configuring log filtering to Arcsight/Splunk/Syslog compatible log servers. Once they have the information stored in their DB you should be able to interrogate that to produce your own customised reports with the detail you require.


    • Muhammed_Saeed1
      Hi Kevin, Thank you for your reply, do you have an official document/link to support your statement "because that is how it is designed"? I need this for my client.
    • Kevin_Davies_40
      No. I do not. It is from my observations of how the graphs work. If you are not getting a 1:1 relationship from the graph to the request logs then it's pretty clear there is a level of aggregation occurring here. If you ask F5 support for more detail they will have better information on how the graphs are produced.
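
Added example (not part of the original thread and not F5 code): one way to build the unaggregated per-request report described in the reply about sending ASM logs to your own log server, with one row per request per violation. The `key="value"` layout, the field names (`ip_client`, `geo_location`, `violations`, `uri`, `support_id`) and the log lines are assumptions constructed for illustration.

```python
import csv
import io
import re

# Constructed sample lines. The key="value" layout and the field names
# (ip_client, geo_location, violations, uri, support_id) are assumptions;
# match them to the format your logging profile actually emits.
SAMPLE = """\
<134>Mar 16 10:00:01 bigip1 ASM: ip_client="203.0.113.10",geo_location="US",violations="Illegal file type,Illegal URL",uri="/admin.php",support_id="1001"
<134>Mar 16 10:00:05 bigip1 ASM: ip_client="198.51.100.7",geo_location="DE",violations="Attack signature detected",uri="=1+1",support_id="1002"
<134>Mar 16 10:00:09 bigip1 ASM: truncated line without fields
"""

PAIR = re.compile(r'(\w+)="((?:[^"\\]|\\.)*)"')
FIELDS = ["support_id", "ip", "country", "violation", "uri"]

def safe_cell(value):
    """Neutralise spreadsheet formulas: URIs are attacker-controlled."""
    return "'" + value if value[:1] in ("=", "+", "-", "@") else value

def detail_rows(lines):
    """Return one row per request per violation, with no aggregation."""
    rows = []
    for line in lines:
        rec = dict(PAIR.findall(line))
        if "ip_client" not in rec:      # skip malformed or unrelated lines
            continue
        for violation in (rec.get("violations") or "none").split(","):
            rows.append({
                "support_id": rec.get("support_id", ""),
                "ip": rec["ip_client"],
                "country": rec.get("geo_location", ""),
                "violation": violation.strip(),
                "uri": safe_cell(rec.get("uri", "")),
            })
    return rows

def to_csv(rows):
    """Render rows as CSV text suitable for attaching to a report email."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=FIELDS)
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()

if __name__ == "__main__":
    print(to_csv(detail_rows(SAMPLE.splitlines())))
```

The `safe_cell` step matters because the URI column comes straight from client requests and the CSV is likely to be opened in a spreadsheet by whoever receives the email.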